Operational Risk Institute

Corporate Training Courses on Risk Management, Business Continuity, Information Security, Fraud Prevention, Safety, Audit and Compliance

Mobile Applications and Device Security

In this course, students will learn how to:

  • Control and protect mobile applications and devices against data threats
  • Identify potential flaws in developed and downloaded mobile applications
  • Leverage best practices for iOS and Android application security
  • Securely integrate mobile devices in the enterprise
  • Launch a vulnerability assessment plan to address weaknesses in mobile devices and applications

Who Should Attend
Those tasked with implementing, testing and deploying secure mobile applications and devices.

Introduction to Mobile Security

  • Identifying components of a mobile operating system (OS)
  • Exposing the threats faced by mobile devices
  • Uncovering mobile hacking tools
  • Revealing the top ten mobile risks

Developing a Mobile Security Policy
Defining the mobile threat model

  • Balancing multiple types of mobile threats
  • Exposing items at risk
  • Building an attack tree
  • Assessing risk and business benefits

Creating an acceptable use policy

  • Establishing device enrollments
  • Defining access control
  • Instituting permissions on usage and control
  • Enhancing connectivity control
  • Sustaining screen protection

Integrating Security Throughout the Application Development Process
Employing Open Web Application Security Project (OWASP) resources

  • Recognizing cyber security risks
  • Addressing identified vulnerabilities promptly
  • Applying secure development guidelines
  • Reducing risks by implementing proven techniques

Developing proper controls and design

  • Securing data in transit and at rest
  • Protecting interface data
  • Storing data in the iOS and Android keychain
  • Implementing user authentication
  • Handling sessions properly

Testing Mobile Applications
Locating vulnerabilities in source code

  • Implementing secure coding techniques
  • Differentiating between software and programming language vulnerabilities

Reviewing the code

  • Conducting static and dynamic analysis
  • Analyzing network traffic
  • Selecting the appropriate testing tools
  • Implementing trust boundaries

Applying Security Measures to Devices
Differentiating between various mobile platforms

  • Designing procedures to secure Android-based devices
  • Securing the iPhone and iPad
  • Exploring the implications for other platforms
  • Modifying policies to work with each mobile OS

Evaluating security settings

  • Identifying faults in current settings
  • Applying whole disk and file encryption

Forming a Mobile Device Management (MDM) plan

  • Designing a tier architecture
  • Fortifying device synchronization

Securing the mobile endpoint

  • Sandboxing
  • Trusted approach
  • Hosting
  • Instituting remote wipe
  • Assessing remote access solutions

Implementing an Ongoing Security Strategy
Analyzing systems for information leaks

  • Requiring strong authentication
  • Storing and exchanging data securely
  • Configuring permissions correctly
  • Minimizing user error
  • Adopting standards for personal and organizational data

Creating the assessment plan

  • Performing end-user testing
  • Comparing manual and automated testing
  • Choosing the appropriate tool

Conducting a vulnerability assessment

  • Extracting sensitive data from the iOS and Android file systems
  • Producing a “quicklook” report
  • Determining remediation steps
